check-csp

command
v0.3.2 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 8, 2026 License: MIT Imports: 3 Imported by: 0

Documentation

Overview

check-csp is a build-time linter that fails when production Go source emits inline <script> blocks. The framework's default strict Content-Security-Policy is `default-src 'self'`, which forbids inline JS; violations silently break pages in production (the browser blocks the script with a CSP error).

Usage:

    go run ./cmd/check-csp           # walks the current directory
    go run ./cmd/check-csp ./path    # walks a specific path

Exits 0 when clean, 1 when violations were found, 2 on infrastructure error. Wired into `make build` via a `csp-check` prerequisite so the app refuses to build when an inline <script> sneaks in.

Test files (_test.go) are skipped — fixtures may legitimately contain known-bad strings for assertion purposes.
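A linter with the behaviour described above, as an added example rather than check-csp's own source. The exit codes and the _test.go skip come from the page; the detection heuristic (a <script> opening tag with no src attribute, matched by regular expression) and the names inlineLines and check are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Assumed heuristic (not taken from check-csp): a <script> tag without src is inline.
var scriptTag = regexp.MustCompile(`(?i)<script\b[^>]*>`)
var hasSrc = regexp.MustCompile(`(?i)\ssrc\s*=`)

// inlineLines returns the 1-based line of every inline <script> opening tag in src.
func inlineLines(src string) (hits []int) {
	for _, m := range scriptTag.FindAllStringIndex(src, -1) {
		if !hasSrc.MatchString(src[m[0]:m[1]]) {
			hits = append(hits, 1+strings.Count(src[:m[0]], "\n"))
		}
	}
	return hits
}

// check walks root, skipping non-Go files and _test.go fixtures; code is 0/1/2 as documented.
func check(root string) (out []string, code int) {
	err := filepath.Walk(root, func(p string, info os.FileInfo, err error) error {
		if err != nil || info.IsDir() || !strings.HasSuffix(p, ".go") || strings.HasSuffix(p, "_test.go") {
			return err
		}
		b, err := os.ReadFile(p)
		for _, n := range inlineLines(string(b)) {
			out = append(out, fmt.Sprintf("%s:%d: inline <script>", p, n))
		}
		return err
	})
	if err != nil {
		code = 2 // infrastructure error: unreadable path or file
	} else if len(out) > 0 {
		code = 1 // at least one inline <script> found
	}
	return out, code
}

func main() {
	findings, code := check(append(os.Args[1:], ".")[0]) // default: current directory
	fmt.Print(strings.Join(append(findings, ""), "\n"))
	os.Exit(code)
}
```

Because the match is purely textual, a Go comment or string constant that merely mentions an inline tag is reported as well.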
